Apple loses big in DRM ruling: jailbreaks are “fair use”

Every three years, the Library of Congress approves a handful of exemptions to …

Every three years, the Library of Congress has the thankless task of listening to people complain about the Digital Millennium Copyright Act. The DMCA forbade most attempts to bypass the digital locks on things like DVDs, music, and computer software, but it also gave the Library the ability to wave its magical copyright wand and make certain DRM cracks legal for three years at a time.

This time, the Library went (comparatively) nuts, allowing widespread bypassing of the CSS encryption on DVDs, declaring iPhone jailbreaking to be "fair use," and letting consumers crack their legally purchased e-books in order to have them read aloud by computers.

The exemptions

The DMCA was passed in 1998, so this is the fourth go-round for the Library. In the past, people have usually complained that DRM prevented them from making legitimate use of items like DVDs—format-shifting a copy to one's iPod, for instance, was forbidden. The Register of Copyrights (who is part of the Library of Congress) dutifully listened to these complaints and then did... very little. Previous exemptions could charitably be described as "parsimonious." After all, if you need a two-minute clip of a film, you could always get it from a VHS tape or by taping a TV screen. Right?

The Librarian and the Register, cautious folks that they are, have moved slowly, but after more than a decade of the DMCA, they are increasingly willing to acknowledge its harms. That lead to this morning's ruling, which provides DRM circumvention exemptions for the following six classes of works:

(1) Motion pictures on DVDs that are lawfully made and acquired and that are protected by the Content Scrambling System when circumvention is accomplished solely in order to accomplish the incorporation of short portions of motion pictures into new works for the purpose of criticism or comment, and where the person engaging in circumvention believes and has reasonable grounds for believing that circumvention is necessary to fulfill the purpose of the use in the following instances:

(i) Educational uses by college and university professors and by college and university film and media studies students;
(ii) Documentary filmmaking;
(iii) Noncommercial videos.

(2) Computer programs that enable wireless telephone handsets to execute software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.

(3) Computer programs, in the form of firmware or software, that enable used wireless telephone handsets to connect to a wireless telecommunications network, when circumvention is initiated by the owner of the copy of the computer program solely in order to connect to a wireless telecommunications network and access to the network is authorized by the operator of the network.

(4) Video games accessible on personal computers and protected by technological protection measures that control access to lawfully obtained works, when circumvention is accomplished solely for the purpose of good faith testing for, investigating, or correcting security flaws or vulnerabilities, if:

(i) The information derived from the security testing is used primarily to promote the security of the owner or operator of a computer, computer system, or computer network; and (ii) The information derived from the security testing is used or maintained in a manner that does not facilitate copyright infringement or a violation of applicable law.

(5) Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete. A dongle shall be considered obsolete if it is no longer manufactured or if a replacement or repair is no longer reasonably available in the commercial marketplace; and

(6) Literary works distributed in ebook format when all existing ebook editions of the work (including digital text editions made available by authorized entities) contain access controls that prevent the enabling either of the book’s read-aloud function or of screen readers that render the text into a specialized format.

The language here can be opaque, so let's parse these a bit.

DVDs

First up: DVDs! Previous exemptions have been carved out for college professors who might use film clips in class. But note the broad nature of the new rule—it applies to everyone. As long as you are making a documentary or noncommercial video, you're in.

The exemption only covers "short portions of motion pictures," since the Register was not convinced that longer portions would necessarily be fair use. And if there's some other way of getting the clips short of bypassing DRM, you should take it.

According to the official explanatory text (PDF), "Where alternatives to circumvention can be used to achieve the noninfringing purpose, such noncircumventing alternatives should be used." Thus, if you have screen capture software and need only a low-quality copy for some purpose, you should use that.

But the exemption is a key one, despite its limiting language. As the Librarian of Congress finally admitted, "I agree with the Register that the record demonstrates that it is sometimes necessary to circumvent access controls on DVDs in order to make these kinds of fair uses of short portions of motion pictures."

Jailbreaking

The most surprising ruling was on "jailbreaking" one's phone (exemption number two), replacing the company-provided operating system with a hacked version that has fewer limitations. Make no mistake: this was all about Apple. And Apple lost.

The Electronic Frontier Foundation argued that jailbreaking one's iPhone should be allowed, even though it required one to bypass some DRM and then to reuse a small bit of Apple's copyright firmware code. Apple showed up at the hearings to say, in numerous ways, that the idea was terrible, ridiculous, and illegal. In large part, that was because the limit on jailbreaking was needed to preserve Apple's controlled ecosystem, which the company said was of great value to consumers.

That might be true, the Register agreed, but what did it have to do with copyright?

"Apple is not concerned that the practice of jailbreaking will displace sales of its firmware or of iPhones," wrote the Register, explaining her thinking by running through the "four factors" of the fair use test. "Indeed, since one cannot engage in that practice unless one has acquired an iPhone, it would be difficult to make that argument. Rather, the harm that Apple fears is harm to its reputation. Apple is concerned that jailbreaking will breach the integrity of the iPhone's ecosystem. The Register concludes that such alleged adverse effects are not in the nature of the harm that the fourth fair use factor is intended to address."

And the Register concluded that a jailbroken phone used "fewer than 50 bytes of code out of more than 8 million bytes, or approximately 1/160,000 of the copyrighted work as a whole. Where the alleged infringement consists of the making of an unauthorized derivative work, and the only modifications are so de minimis, the fact that iPhone users are using almost the entire iPhone firmware for the purpose for which it was provided to them by Apple undermines the significance" of Apple's argument.

The conclusion is sure to irritate Steve Jobs: "On balance, the Register concludes that when one jailbreaks a smartphone in order to make the operating system on that phone interoperable with an independently created application that has not been approved by the maker of the smartphone or the maker of its operating system, the modifications that are made purely for the purpose of such interoperability are fair uses."

SecuROM and SafeDisc

Exemption four is quite clear—security research on DRM-limited video games is allowed—but why is it there? What research needs to be done?

It turns out that the real target here is the DRM itself, specifically two controversial systems called SecuROM and SafeDisc. Professor Alex Halderman, a longtime security researcher in this area, begged the Library to let him investigate these kinds of invasive DRM without legal worries.

"The evidence relating to SecuROM tends to be highly speculative," said the Register, explaining her approval of the exemption, "but Professor Halderman asserted that this situation has been crying out for an investigation by reputable security researchers in order to rigorously determine the nature of the problem that this system cause[s], and dispel this uncertainty about exactly what's going on. He believed that the prohibition on circumvention is at least in part to blame for the lack of rigorous, independent analysis."

But the SafeDisc situation is clearer. "In contrast to SecuROM, SafeDisc has created a verifiable security vulnerability on a large number of computers. Opponents of the proposed class did not dispute that SafeDisc created a security vulnerability, but they argued that the security flaw was patched by Microsoft in 2007, without the need of an exemption. However, SafeDisc was preloaded on nearly every copy of Microsoft's Windows XP and Windows 2003 operating systems and was on the market for over six years before a security researcher discovered malware exploiting the security. The vulnerability had the capacity to affect nearly one billion PCs."

Given what's at stake, the Library decided to allow such security research.

E-books

Remember how Amazon got into trouble with publishers for allowing its Kindle to do automated text-to-speech? Publishers objected that this could cut into their audiobook money and that it might violate their rights.

Amazon may have clamped down on the feature in response, but the Library of Congress has now given users the right to crack e-book DRM in order to hear the words. Exemption number six only applies in cases where there is no alternative; if e-book vendors offer any sort of version that allows screen-reading or text-to-speech, even if the price is significantly higher, people must use that version rather than bypass DRM.

But if there are no commercial alternatives, e-book buyers are at last legally allowed to bypass DRM.

The clock is ticking

Other, broader exemptions were not allowed. Bypassing the DRM on purchased music when the authentication servers have gone dark? Still illegal. Bypassing the DRM on streaming video in order to watch it on non-supported platforms? Nope.

But the exemptions that did make it were carefully thought out and actually helpful this time around. That's the good news. The bad news is that they must be re-argued every three years, and the Library has taken so long getting its most recent ruling out that that the next review happens just two years from now.

Did I read that correctly? Game cracks are now "ok" if the DRM on the disc is borked? Nice one. I don't think is was necessarily illegal (or at least prosecuted) before this, but at least they are acknowledging the flaws in DRM.

"The most surprising ruling was on "jailbreaking" one's phone (exemption number two), replacing the company-provided operating system with a hacked version that has fewer limitations. Make no mistake: this was all about Apple. And Apple lost."

"The most surprising ruling was on "jailbreaking" one's phone (exemption number two), replacing the company-provided operating system with a hacked version that has fewer limitations. Make no mistake: this was all about Apple. And Apple lost."

Sooooo, how about the new Motorola Droid X?

The ruling appears to apply to all smartphones, though some of that may depend on how much copyrighted code is used by the jailbreaker.

"The most surprising ruling was on "jailbreaking" one's phone (exemption number two), replacing the company-provided operating system with a hacked version that has fewer limitations. Make no mistake: this was all about Apple. And Apple lost."

The founding fathers are throwing a party in Valhalla right now. I am looking forward to reports of legions of AT&T customers lining up at various T-Mobile stores to use their GSM network with an iPhone or iPad. Then I am looking forward to reports about how T-Mobile's service and coverage suck once all those data-vacuums start hoovering all the bandwidth.

Don't understand, how was Jailbreaking your iPhone ever "illegal"? When I think illegal, I see cops busting down your doors. I see taking your jailbroken phone to an Apple store, them seeing it, then calling the police. But we never saw that. Hell, Leo LaPorte talked about jailbreaking his phones all the time. Woz even jailbroke Kathy Griffin's iPhone on TV.

Don't understand why they keep using the word "illegal". Should that be the correct term? Just curious.

"The most surprising ruling was on "jailbreaking" one's phone (exemption number two), replacing the company-provided operating system with a hacked version that has fewer limitations. Make no mistake: this was all about Apple. And Apple lost."

Sooooo, how about the new Motorola Droid X?

The ruling appears to apply to all smartphones, though some of that may depend on how much copyrighted code is used by the jailbreaker.

The ruling does not seem to prevent the implementation of DRM on the phones, the manufacturer just can't prosecute you for bypassing it. From all appearances Motorola only puts the DRM on in the first place. Once it has been cracked they don't seem to bother with it.

The exemptions only cover DMCA violations. So you're not going to be sued or fined for violating DMCA. They have no bearing on the companies making DRM easier/harder to break or having clauses in their contracts that tie breaking the DRM to refusal of service.

Except the main reason for jailbreaking is actually to obtain *illegal* software, so the vast majority of jailbreaking is still illegal (technically), but the perception is now that it's "okay" so even *more* theft will undoubtedly result.

The only good that can come from this at all is that it might stop Apple from banning apps on strictly "moral" grounds, which is the very thing that has ruined their argument before the court on this one. If they were instead only banning the installation of programs that were malicious, they would have won the day.

This just proves the axiom that censorship is always wrong unless there is a valid, concrete, easily describable harm being done. In this case, it's ruined Apples chances of controlling it's platform, simply because they wanted to keep boobies out of the app store.

The exemptions only cover DMCA violations. So the justice department isn't going to get'cha for violating DMCA. They have no bearing on the companies making it easier/harder to break or having clauses in their contracts that tie breaking the DRM to refusal of service.

In its explanation, the Library basically admitted that the issue of contracts/ownership was a murky one and that its ruling had nothing to do with it. This is just about copyright.

Don't understand why they keep using the word "illegal". Should that be the correct term? Just curious.

Jailbreaking required circumvention of the protection on the phone that the manufacturer included. Until this ruling, that was a violation of the DMCA, which is a law, hence "illegal" or "against the law."

Don't understand why they keep using the word "illegal". Should that be the correct term? Just curious.

Jailbreaking required circumvention of the protection on the phone that the manufacturer included. Until this ruling, that was a violation of the DMCA, which is a law, hence "illegal" or "against the law."

So I'm guessing this is tantamount to speeding 5 miles over the speed-limit or jaywalking?

Except the main reason for jailbreaking is actually to obtain *illegal* software, so the vast majority of jailbreaking is still illegal (technically), but the perception is now that it's "okay" so even *more* theft will undoubtedly result.

The only good that can come from this at all is that it might stop Apple from banning apps on strictly "moral" grounds, which is the very thing that has ruined their argument before the court on this one. If they were instead only banning the installation of programs that were malicious, they would have won the day.

This just proves the axiom that censorship is always wrong unless there is a valid, concrete, easily describable harm being done. In this case, it's ruined Apples chances of controlling it's platform, simply because they wanted to keep boobies out of the app store.

I am ignorant I know, but I thought it was to be able to install apps from anywhere, and not be tied to a single location for your apps.

So maybe it's not "illegal" now, but that doesn't mean that Apple has to honor a warranty on a jailbroken iPhone does it? If you jailbreak your iPhone and install some malware or whatever, it's not like they have to fix it for you do they?

Don't understand, how was Jailbreaking your iPhone ever "illegal"? When I think illegal, I see cops busting down your doors. I see taking your jailbroken phone to an Apple store, them seeing it, then calling the police. But we never saw that.

I don't see many cops busting down doors for parking in front of a fire hydrant, but it's still "illegal". Just because something's illegal doesn't make it a serious offense.

Bypassing the DRM on purchased music when the authentication servers have gone dark? Perhaps the dongle rule could cover this. If you bought it, you have a license to use it even if the provider went belly-up. At that point the authentication server could be considered a dead dongle.

Don't understand why they keep using the word "illegal". Should that be the correct term? Just curious.

Jailbreaking required circumvention of the protection on the phone that the manufacturer included. Until this ruling, that was a violation of the DMCA, which is a law, hence "illegal" or "against the law."

So I'm guessing this is tantamount to speeding 5 miles over the speed-limit or jaywalking?

In terms of the seriousness of the crime, yes. In terms of the punishment:

Quote:

first time offenders may be fined up to $500,000, imprisoned for five years, or both

Gazoobee: What the heck are you talking about? There are a lot of reasons for jailbreaking your phone. Most notably is so you can get native file access. There are also a lot of free apps that you can't get through the App store. I am sure there are ways to abuse this, but I think you are being overly cynical.

Goofball_Jones: Yes, it was illegal just like having booze was during prohibition. They usually went after the distributors only though. So in this case, that means the people publishing the cracks and data. So most of it occurred outside the US for this reason. Now US citizens can work on the same things.

2) I'm guessing that the carriers are under no obligation to unlock the phones themselves (although it's always been questionable how they justify locking in the first place given the subsidy-nuetralizing ETFs), but is it now legal for anyone in the US to post an unlock procedure/code out in the open for anyone to use?

The fact that these fundamental issues have to be argued every three years, apparently by rote, points up just how poorly conceived and written the DMCA actually is. I think repealing the DMCA and setting up permanent definitions of fair use makes much more sense. It boggles the mind how some corporations feel that even after they have sold a hardware device to a consumer, and transferred ownership of that device to him, that they think they still own the device and that the consumer may use it only in company-approved ways. We need to hear much less about company rights after they have made their sales to consumers, and far more about consumer rights over the property they have just purchased from these companies. The way things look today it's like companies have a license to take our money and run, and whatever we get out of the deal is sure to be far less than we had every right to expect.

Who is finally going to delineate the line in the sand that firmly differentiates between a company's rights over the hardware it sells, and the consumer's rights over the hardware they have just purchased from those companies? It's most definitely true that before the sale the IP companies have exclusive rights to their IP. But after the sale of that IP to consumers, and for a price the IP company sets itself, then the rights of the consumer become the paramount rights--since they are rights the consumer has *paid for* and lawfully obtained. Why is this such a difficult concept for legal minds to grasp?

Now if only we can go from "rooted" to "eFuse bypassed" on the Droid X....

It's the only thing making me wonder if the "Fascinate" (Galaxy S) might be a better choice.

...anyone know the status of ROMs for the Galaxy S? Also would be wanting a multimedia dock and a car/GPS dock for the thing.

Basically, If I can find some good docks for the Galaxy and ROMs are coming along, I will get that over the Droid X....I see little point to Android without the ability to apply cooked ROMs and "update at will".

It'd be great if, instead of calling it "jailbreaking", we could call it "rooting your phone" (+/- "and installing custom firmware") - what you're actually doing when you "jailbreak". It's a point, since the ruling affects all handsets (such as android handsets, which are locked on AT&T), not just apple devices.

I honestly think that people just refer to it as that because they don't even understand what they're doing.

The "1/160,000th of the code" comment scares me. I generally think that Copyright should be less strict, but a statement like that leads to quantitative arguments, ("Oh, he only used 1/300th of the work, so it's alright"), at which point we start getting into nitpicking. Is using 3 minutes of a film ok? Only if it's longer than an hour and a half?

It just feels like rulings like that put the law farther away from average people.

So theoretically, could one now crack the CSS on a DVD and break it up into many short clips for non-commercial use that add up in total to the whole movie? E.g, could I format shift a DVD to an iPhone, chapter-by-chapter?

The "1/160,000th of the code" comment scares me. I generally think that Copyright should be less strict, but a statement like that leads to quantitative arguments, ("Oh, he only used 1/300th of the work, so it's alright"), at which point we start getting into nitpicking. Is using 3 minutes of a film ok? Only if it's longer than an hour and a half?

Actually, these relative measurements have been a part of the requirements for fair use for a long time. If I use 30 seconds of a piece of media for the purposes of a review, is it fair use? Trick question: it depends upon how long the original source was. 30 seconds of a 2 hour movie is very different from 30 seconds of a 35 second short.

Quote:

It just feels like rulings like that put the law farther away from average people.

How is establishing quantitative guidelines putting the law "farther" away from "average" people? If anything, it makes it easier for people to establish whether they have to be concerned about receiving fair use protection. If the ruling instead said something like "a substantial portion", I'd be worried like hell about whether my lawyer was better than the other guy's. Is including the final 1 minute where the whole story is recapped and finished "substantial"? Hell if I know.